Use requests module for HTTP/HTTPS

* Implement correct certificate verification * Add requests to tools/pip-requires * Fix OS_CACERT env var help text * Add info to README * Rework tests to use requests Pinned requests module to < 1.0 as 1.0.2 is now current in pipi as of 17Dec2012. Change-Id: I120d2c12d6f20ebe2fd7182ec8988cc73f623b80
author: Dean Troyer <dtroyer@gmail.com> 2012-11-16 17:43:05 -0600
committer: Dean Troyer <dtroyer@gmail.com> 2012-12-18 15:30:43 -0600
commit: 51dc6a0cef657cf9fa110da11d81d1c3f13194fa (patch)
tree: 80bda5aa2974db6102a60b06ea7422e107034940 /README.rst
parent: 581264757e5ac8c5313acc35e5dc94247c7a80ff (diff)
download: python-keystoneclient-51dc6a0cef657cf9fa110da11d81d1c3f13194fa.tar.gz
1 files changed, 19 insertions, 7 deletions
diff --git a/README.rst b/README.rst
index deed59c..e6d2928 100644
--- a/README.rst
+++ b/README.rst
@@ -75,6 +75,17 @@ OS_REGION_NAME``)::
     If a region is not specified and multiple regions are returned by the
     Identity service, the client may not access the same region consistently.
 
+If you need to connect to a server that is TLS-enabled (the auth URL begins
+with 'https') and it uses a certificate from a private CA or a self-signed
+certificate you will need to specify the path to an appropriate CA certificate
+to use to validate the server certificate with ``--os-cacert`` or an
+environment variable::
+
+    export OS_CACERT=/etc/ssl/my-root-cert.pem
+
+Certificate verification can be turned off using ``--insecure``. This should
+be used with caution.
+
 You'll find complete documentation on the shell by running ``keystone help``::
 
     usage: keystone [--os-username <auth-user-name>]
@@ -85,8 +96,8 @@ You'll find complete documentation on the shell by running ``keystone help``::
                     [--os-identity-api-version <identity-api-version>]
                     [--os-token <service-token>]
                     [--os-endpoint <service-endpoint>]
-                    [--os-cacert <ca-certificate>] [--os-cert <certificate>]
-                    [--os-key <key>] [--insecure]
+                    [--os-cacert <ca-certificate>] [--insecure]
+                    [--os-cert <certificate>] [--os-key <key>] [--no-cache]
                     <subcommand> ...
 
     Command-line interface to the OpenStack Identity API.
@@ -167,13 +178,14 @@ You'll find complete documentation on the shell by running ``keystone help``::
                             from the service catalog (via authentication).
                             Defaults to env[OS_SERVICE_ENDPOINT]
     --os-cacert <ca-certificate>
-                            Defaults to env[OS_CACERT]
+                            Specify a CA bundle file to use in verifying a TLS
+                            (https) server certificate. Defaults to env[OS_CACERT]
+    --insecure              Explicitly allow keystoneclient to perform "insecure"
+                            TLS (https) requests. The server's certificate will
+                            not be verified against any certificate authorities.
+                            This option should be used with caution.
     --os-cert <certificate>
                             Defaults to env[OS_CERT]
     --os-key <key>        Defaults to env[OS_KEY]
-    --insecure            Explicitly allow keystoneclient to perform "insecure"
-                            SSL (https) requests. The server's certificate will
-                            not be verified against any certificate authorities.
-                            This option should be used with caution.
 
     See "keystone help COMMAND" for help on a specific command.
author	Dean Troyer <dtroyer@gmail.com>	2012-11-16 17:43:05 -0600
committer	Dean Troyer <dtroyer@gmail.com>	2012-12-18 15:30:43 -0600
commit	51dc6a0cef657cf9fa110da11d81d1c3f13194fa (patch)
tree	80bda5aa2974db6102a60b06ea7422e107034940 /README.rst
parent	581264757e5ac8c5313acc35e5dc94247c7a80ff (diff)
download	python-keystoneclient-51dc6a0cef657cf9fa110da11d81d1c3f13194fa.tar.gz